You must however be careful of solutions which "hobble" PFCG and perform direct updates to the AGR* tables. These will be blocked in future via the package interface concept and you cannot rollback to normal PFCG maintenance -> you have to start over without the tool.
As security tables are system critical and there are APIs for user and to some extent authorizations administration, the likelihood of SUSR and PRGN packages being switched sooner than others is very high and SAP did not give any warnings when they switched the first round of packages from developer log warnings to runtime errors.
I strongly recommend that if you want to use such tools, then you should acquire them via SAP services contracts for partner products and not external bespoke tools.
Cheers,
Julius